The “Certificate of Cloud Security Knowledge (CCSK)” is the first professional certification in the cloud security industry. It was released in 2011 and gained momentum very quickly. If you look at the top vendor-neutral certifications for cloud security, CCSK and CCSP (Certified Cloud Security Professional) stand ahead of the others.
In 2017 the CCSK moved from version 3 to version 4, and the current examination tests knowledge of version 4 only. CCSK is managed by the Cloud Security Alliance, and CCSP is managed by (ISC)². CCSK helps individual cloud security engineers and architects, employers, cloud service providers and consulting firms develop security programs aligned with globally accepted standards, and build and maintain a secure cloud business.
How to prepare for the CCSK exam:
There are multiple ways to prepare for the exam, but the approach below may ease the preparation and help you clear the certification on the first attempt.
Step 1: Read and understand the Security Guidance published by the Cloud Security Alliance. It can be downloaded free from the CSA website, or you can find it in the preparation kit I have shared in this post. The guidance consists of 152 pages covering 14 security domains. Below is how the examination questions I received were distributed across these domains; the distribution may vary slightly from case to case.
Domain 1: Cloud Computing Concepts and Architectures (6 questions)
Domain 2: Governance & Enterprise Risk Management (2 questions)
Domain 3: Legal Issues, Contracts & Electronic Discovery (3 questions)
Domain 4: Compliance & Audit Management (3 questions)
Domain 5: Information Governance (2 questions)
Domain 6: Management Plane & Business Continuity (4 questions)
Domain 7: Infrastructure Security (6 questions)
Domain 8: Virtualization & Containers (5 questions)
Domain 9: Incident Response (4 questions)
Domain 10: Application Security (6 questions)
Domain 11: Data Security & Encryption (6 questions)
Domain 12: Identity, Entitlement & Access Management (3 questions)
Domain 13: Security as a Service (SecaaS) (2 questions)
Domain 14: Related Technologies (1 question)
I strongly recommend reading this document thoroughly at least twice. At least 80% of the questions are direct statements from this book. Below is an example.
Question: Immutable workloads make it faster to roll out updated versions because applications must be designed to handle individual nodes going down.
- True
- False
The right answer is “True”.
You can see the same statement on page 86 of the Security Guidance; below is a screenshot of it.

Step 2: Read and understand the ENISA (European Network & Information Security Agency) document on benefits, risks and recommendations for information security (mainly the ‘Top Security Risks’ section).
I received 3 questions from this section in the CCSK exam. I have also shared this document in the preparation kit in this post.
Step 3: Walk through the Cloud Controls Matrix (CCM v3.0.1).
The Cloud Controls Matrix is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud service provider.
I received 4 questions from this section, and the CCM document is included in the preparation kit shared in this post.
Preparation kit: below is the link to the preparation kit.
https://github.com/spadigala/CCSKv4
Examination Pattern, Tips and Cautions
Exam Pattern: You can register for the CCSK exam by signing up at the link below.
https://ccsk.cloudsecurityalliance.org/en/login
- Once you sign up, you need to buy the exam with a credit card or PayPal; it costs USD 395. You receive 2 attempts to acquire the certification, and if you pass the exam on your first attempt, the second attempt is forfeited.
- The CCSK exam is very flexible: you can take it from your home.
- The CCSK exam consists of 60 questions (multiple choice and True/False) with 90 minutes to complete. You can ‘Mark for review’ any question you would like to revisit, but if you mark a question for review and are unable to revisit it within the 90 minutes, that question will not be counted in the results.
Exam Tips: –
I suggest taking the exam on a laptop or desktop with 2 monitors. On one monitor you can attempt the exam, and on the other you can keep the guidance documents (ENISA, CCM, etc.) open and search them for the terms used in the question.
Cautions: –
Time is very crucial in this exam. Many think that because it can be taken at home with the reference material open, they can read and search their way through it, but in many cases that wastes time: you may search for and answer 50% of the questions, but fail to attempt the remaining 50% as time runs out.
Available trainings on the market
- CSA (the Cloud Security Alliance) provides information on classroom and virtual trainings across the globe; you can search for them at the link below. Keep in mind that these trainings are very expensive: the minimum training cost I could see is USD 1945 for a 3-day program.
https://intrinsecsecurity.com/training/courses/ccsk/
- There is an on-demand online training (recorded video) provided by https://intrinsecsecurity.com/, but it still costs USD 995. One good thing is that you receive an examination voucher to redeem, which saves you USD 395.
- You can buy and practice questions from Whizlabs (https://www.whizlabs.com). Note that these questions are for self-assessment only and are not examination dumps; do not expect more than 5% of the questions in the real exam to come from them. These practice questions can still help you prepare by building your confidence on the required subject matter.
In my view, if you follow the 3-step preparation above for about a month, you do not need any of these trainings, as they only help you visualize the content rather than replace reading the guidance document.
Once you finish the exam, you receive the result immediately (pass or fail), along with a detailed report listing each domain, the questions received and the questions answered correctly. You can download the PDF version of the certificate immediately after you pass.
All the best for your exam, and let me know how my plan helped you.